Splunk Hack #4 – Aliasing Splunk with a Subdomain

With the new release of Splunk Preview out, I’ve run into a problem keeping the different versions straight on my laptop. I have the free version, the Preview, the official release, and a version of current running – often times simultaneously. It’s getting messy.

What you really want to do is refer to them with different subdomain names, where something like would bring up Splunk without having to remember the port number.

If you are running Apache, (like I am on Leopard) you get a reverse proxy server for free. With just a few lines of configuration, you can alias subdomains (or domains for that matter) to your heart’s content.

You also get the ability of putting content behind some basic authentication provided via Apache’s HTTP auth methods. This comes in handy if you’d like to link to your Splunk install from a publicly facing page, but don’t want people to know what type of content is behind the authentication. It also works for limiting access to a particular IP address group or domain.

I’ve put together a screencast covering how to do this from OS X’s version of Apache. Click on the thumbnail below to play the screencast.

Note: Firewalling the actual port Splunk runs on is left as an exercise for the viewer, as is limiting access to a group of IP addresses. More information about configuring Apache’s mod_proxy module can be found on Apache’s website.

Here’s the configuration code from the screencast:

        ProxyPass http://localhost:8000/ 
        ProxyPassReverse http://localhost:8000/ 


        ProxyPass http://localhost:8001/ 
        ProxyPassReverse http://localhost:8001/ 
        AuthType Basic 
        AuthName "Password Required" 
        AuthUserFile /etc/.htpasswd 
        require valid-user 


By Kord Campbell

Posted by